A home security technician has admitted to repeatedly breaking into cameras he installed and watching customers engage in sex and other intimate acts.
Telesforo Aviles, a 35-year-old former employee of ADT, a home and small office security company, said he used the cameras of about 200 customer accounts more than 9,600 times in a five-year period — all without customers’ permission or knowledge. He said he had taken note of homes with women he found attractive and then watched their cameras for sexual gratification. He said he watched naked women and couples having sex.
Aviles made the confessions Thursday in U.S. District Court for the District of North Texas, where he pleaded guilty to one count of computer fraud and one count of invasive visual recording. He faces a maximum of five years in prison.
Aviles told prosecutors he has routinely added his email address to the list of users authorized to access customers’ ADT Pulse accounts, which allow customers to connect remotely to the ADT home security system so they can turn on lights. enable or disable, enable or disable alarms, and view feeds from security cameras. In some cases, he told customers to add himself temporarily to test the system. Other times he added himself without their knowledge.
More legal consequences
An ADT spokesperson said the company brought the illegal behavior to the attention of prosecutors last April after learning that Aviles had gained unauthorized access to the accounts of 220 customers in the Dallas area. The security company then contacted each customer “to make things right”. The company has already resolved disputes with a number of customers. ADT published this statement last April and has continued to update it.
“We are grateful to the Dallas FBI and the U.S. Attorney’s Office for holding Telesforo Aviles responsible for a federal crime,” the company wrote in an update posted Friday.
In the wake of the infringement’s discovery, ADT has been hit by at least two proposed class-action lawsuits, one on behalf of ADT customers and the other on behalf of minors and others living in the homes. A plaintiff in one of the lawsuits was reportedly a teenager at the time of the infringement. ADT informed her family that the technician had spied on her home nearly 100 times, according to the lawsuit.
The suits alleged that ADT marketed its camera systems as a way for parents to use smartphones to check in children and pets. ADT, prosecutors said, failed to implement security measures, including two-factor authentication or SMS alerts when new parties gain access to the accounts, which could have alerted customers to the invasion. The breach was discovered when a customer noticed an unauthorized email between addresses that had access to the security system.
The unveiling of an electronic Peeping Tom is a good reminder of the risks associated with installing network-connected cameras in the home or other locations where there is a reasonable expectation of privacy. People who choose to accept these risks should take the time to educate themselves on how to use, configure, and maintain the devices. One of the first things you should inspect is the list of users who have been granted access and who are actually logged into the system.